A Significant Rise in The Number of Irish SMEs Expecting a Data Protection Audit

Wizuda has published its nationwide General Data Protection Regulation (GDPR) IT research conducted into 175 organisations. The research found that although only 37% of companies have previously been subject to a data protection audit, 55% of companies think they will be subject to an audit in the coming 18 months.

With less than 6 months before the GDPR comes into full effect, the survey also found that over a third of Irish organisations have not yet started work on their GDPR compliance project, with over a quarter (26%) indicating other projects were a priority.

Wizuda commissioned Amárach Research to conduct a national research project across 175 organisations, investigating GDPR awareness, prioritisation, and obligations. This study focused on SMEs and targeted IT decision makers ranging from IT Directors, Heads of IT, CIOs and CISOs. Research took place between 12th September and 11th October 2017.

The Majority of SMEs Believe an Audit is Coming

The survey showed that 69% of Irish SMEs consider themselves to be data processors. The GDPR imposes direct statutory obligations on data processors meaning they will be subject to direct enforcement and potential fines by the Office of the Data Protection Commissioner (ODPC), as well as compensation claims by data subjects. All data processors must now make available all information necessary to demonstrate compliance and allow audits to be conducted by the data controller.

With the recent 56% budget increase given to the ODPC along with the prescriptive obligations that data controllers must now place on data processors under GDPR, only 19% of Irish SMEs believe that they won’t be subject to a data protection audit in the next 18 months.

Failing at the First Email

Wizuda’s research also revealed that, despite awareness of data privacy demands, 57% of organisations still use email to send personal data. This, Wizuda warns, greatly exposes organisations to a potential data breach or data audit failure. Added to this 2 in 5 organisations are using old in-house scripts to transfer data, making it difficult to demonstrate compliance when requested in an audit.

“Whilst it is worrying that less than two thirds of Irish SMEs have actually started their own project, it is good to see that 80% of those surveyed see IT as a major stakeholder in their GDPR compliance programme” said Danielle Cussen, Managing Director, Wizuda.

“Both the OPDC and data controllers will be looking to ensure that all data processors are GDPR compliant, so we would expect the number of Irish companies planning for a data protection audit continuing to increase in the run up to May 2018.”

Mike Ross, Commercial Director of Wizuda adds, “Don’t wait, if you know of a high-risk area, address it now. The right technical solutions can put permanent fixes into place and make the first steps of GDPR compliance much easier.”

Wizuda’s CFS solution can be purchased for as little as €8.99 per user per month and can save businesses from the negative impacts of email breaches protecting their reputation and complying with key data regulations.